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REMARKS/ARGUMENTS 

Claims 1-40 are currently pending. Claims 1,9, 17, 25, and 32 are independent. 
Claims 1-3, 9, 11-12, 17, 25-28, 32, 33, 35, and 36 are hereby amended. Claim 18 is 
cancelled. No claims have been added. No new matter has been added. Upon entry of 
the present amendment claims 1-17 and 19-40 will be presented for examination. 

Double Patenting rejection 

The Examiner rejected claims 1-40 as patentably indistinct from pending 
application 10/782,739. Applicant hereby submits a terminal disclaimer for the instant 
case, and therefore submits this rejection is overcome. 

Rejection of claims 1-4. 6-12. 14-20. 22-29, 31-36. 38-40 

The examiner rejected claims 1-4, 6-12, 14-20, 22-29, 31-36, 38-40 under 35 
U.S.C. 103(a) as being unpatentable over U.S. Patent No. 6,772,347 (Xie) in view of U.S. 
Pub. No. 2005/0086206 (Balasubramanian). Claim 18 has been cancelled, mooting this 
rejection with respect to his claim. 

Applicant respectfully submits that Xie does not teach or suggest the limitation: 

maintaining a frequency for the first URL component, wherein the 
frequency is a function of a number of occurrences with which 
messages containing the fust URL component were rejected 

and likewise that Xie does not teach or suggest the limitation: 

generating an exception rule for the first URL component and its 
descendants responsive to the frequency of the first URL component 
satisfying a set of constraints 

both of which are recited by independent claims 1,9, 17, 25, and 32. The Examiner cites 
Xie, Col. 5, lines 10-15, as describing maintaining a frequency related to incoming 
messages (Office Action p. 4). However, applicant respectfully submits that this portion 
of Xie describes the opposite of the present claims. Specifically, this portion of Xie 
states 
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for certain rules, known as counter rules, the firewall engine will 
increment the count register and continue the search. If the count 
threshold is exceeded, or if the search locates a match for a non-counter 
rule, the search results are written to the status register. 

The counter rules described by Xie allow a certain number of messages of a given type to 
pass, and then disallow remaining messages once that threshold is exceeded. Thus Xie 
only describes counting numbers of allowed packets, not numbers of rejections. By 
contrast, the present claims reject messages until the threshold is reached, and then 
generate an exception rule allowing the traffic. The Examiner admits in a later rejection 
that "Xie does not disclose dynamically generated rules when it is determined that packet 
denial is greater than a desired threshold amount." The present claims require 
determining that a given URL component has been rejected at least a certain amount 
before an exception rule is generated allowing the packet containing the URL 
component — exactly the concept the Examiner admits is not discussed in Xie. Thus Xie 
does not teach or suggest "maintaining a frequency for the first URL component, wherein 
the frequency is a function of a number of occurrences with which messages containing 
the first URL component was rejected by a rule" 

The Examiner further cites Xie, Col. 5, lines 50-52 for this limitation (Office 
Action, p. 4). Again, this portion of Xie teaches the opposite of the pending claims. This 
portion of Xie describes the following 

The dynamic filter 637 generates rules using criteria such as port number and IP 
address, which are extracted from incoming packets for applications, such as 
RealAudio, Netmeeting (which uses the H3232 protocol) and network file system 
(NFS). 

For example, when an FTP is initiated, the first sequence of FTP packets, which 
includes information on the port number and the IP address, will be passed by the 
rules in the ACL engine 621. The dynamic filter 637 then extracts port number and 
IP address from this first sequence of packets, and generates new rules, similar to the 
fixed rules used by the ACL, including these criteria. Later sequences of FTP packets 
will be denied by the ACL engine 621, but the dynamic filter 637 will pass the 
packets based on the new, dynamically-generated rules. 
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These passages illustrate that the dynamic rules of Xie are generated in response 
to information contained in previously allowed traffic (e.g. port numbers in allowed FTP 
initiation traffic) — the teachings of Xie are to observe previously allowed messages to 
determine what future traffic should also be allowed. By contrast, the present claims 
require generating an exception rule responsive to the determined frequency of 
previously rejected URL components exceeding a threshold. Thus Xie does not teach 
"generating an exception rule for the first URL component and its descendants responsive 
to the frequency of the first URL component satisfying a set of constraints" as required 
by the independent claims. Applicant submits that Xie does not suggest such a limitation, 
because, as described above, Xie's principle of operation, observing previously allowed 
messages to determine what future traffic should also be allowed, is the opposite of the 
present claims, which require observing previously rejected messages to determine future 
traffic to be allowed. 

Applicant further submits that Balasubramanian also does not disclose either of 
the limitations. Although Balasubramanian describes filtering of URLs, Balasubramian 
fails to teach or suggest maintaining any frequency of rejected URL components or 
generating any exception rules based on such frequencies. Thus Balasubramanian and 
Xie, either alone or in combination, do not teach or suggest "maintaining a frequency for 
the first URL component, wherein the frequency is a function of a number of occurrences 
with which messages containing the first URL component was rejected by a rule" or 
"generating an exception rule for the first URL component and its descendants responsive 
to the frequency of the first URL component satisfying a set of constraints" as required 
by as required by claims 1-4, 6-12, 14-20, 22-29, 31-36, 38-40. 

Rejection of claims 5. 13. 21. 30, 37 

The Examiner rejected claims 5, 13, 21, 30, and 37 under 35 U.S.C. 103(a) as 
being unpatentable over Xie in view of Balasubramanian and further in view of U.S. Pub. 
No. 2004/0250124 (Chesla). As argued above, Balasubramanian and Xie, either alone or 
in combination, do not teach or "maintaining a frequency for the first URL component, 
wherein the frequency is a function of a number of occurrences with which messages 
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containing the first URL component was rejected by a rule" or "generating an exception 
rule for the first URL component and its descendants responsive to the frequency of the 
first URL component satisfying a set of constraints." Applicant respectfully submits that 
Chesla fails to cure the deficiency. 

The portion of Chesla ([0017]) cited by the Examiner simply describes the 
desirability of a feedback control loop without greater detail. Further reading of Chesla 
reveals that, as with Xie, the feedback loop of Chesla operates in the opposite manner of 
the present claims. Chesla detects parameters of malicious traffic to generate a rule 
causing subsequent traffic to be rejected. (See e.g. Chesla at [0149]). By contrast, the 
present claims require counting a number of previously rejected URL components to 
generate a rule causing subsequent traffic to be allowed. Thus Chesla does not teach 
"maintaining a frequency for the first URL component, wherein the frequency is a 
function of a number of occurrences with which messages containing the first URL 
component was rejected by a rule" or "generating an exception rule for the first URL 
component and its descendants responsive to the frequency of the first URL component 
satisfying a set of constraints." 
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CONCLUSION 

In view of the above remarks, Applicant believes the pending application is in 
condition for allowance. 



Respectfully submitted, 

CHOATE, HALL & STEWART LLP 



Date: December 17, 2007 /John D. Lanza/ 

John D. Lanza 
Registration No. 40,060 



Patent Group 

CHOATE, HALL & STEWART LLP 
Two International Place 
Boston, MA 02110 
Tel: (617)248-5000 
Fax: (617) 248-4000 



4273509vl 



